felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): apply rule from #51.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-14 22:54:26 +01:00
parent d93879d9df
commit 393e339b48
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
7 changed files with 17 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/systemd/systemd-journald
View file

@ -47,14 +47,16 @@ profile systemd-journald @{exec_path} {
@{run}/udev/data/+pci:* r,
@{run}/udev/data/+platform* r,
@{run}/udev/data/+scsi:* r,
@{run}/udev/data/+sdio:* r,
@{run}/udev/data/+usb-serial:* r,
@{run}/udev/data/+usb:* r,
@{run}/udev/data/+virtio:* r,
@{run}/udev/data/+sdio:* r,
@{run}/udev/data/c1:[0-9]* r,
@{run}/udev/data/c10:224 r, # for /dev/tpm0
@{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/**
@{run}/udev/data/c23[0-9]:[0-9]* r,
@{run}/udev/data/c24[0-9]:[0-9]* r,
@{run}/udev/data/c4:[0-9]* r,
@{sys}/devices/**/uevent r,
@{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,

2
apparmor.d/groups/systemd/systemd-makefs
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/systemd/systemd-makefs
profile systemd-makefs @{exec_path} {
include <abstractions/base>
include <abstractions/disks-read>
include <abstractions/disks-write>
include <abstractions/systemd-common>
capability net_admin,